CVE-2026-43939

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N                                    

Vulnerability Description

YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 and 3.2.12, the thread posting and reply feature accepts user-supplied content via a a post or reply that is stored server-side and later rendered back into the thread page without adequate HTML sanitization or contextual output encoding. This vulnerability is fixed in 4.0.5 and 3.2.12.

Vulnerability Details

Published Date

May 05, 2026

Last Modified

May 12, 2026

CWE ID

CWE-79

Source

GitHub

Vendor

nuget

Product

YAFNET.Core

External References

https://github.com/YAFNET/YAFNET/security/advisories/GHSA-8rq5-wwpp-fmj2
https://github.com/YAFNET/YAFNET/releases/tag/v3.2.12
https://github.com/YAFNET/YAFNET/releases/tag/v4.0.5
https://github.com/advisories/GHSA-8rq5-wwpp-fmj2

CVE-2026-43939

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment